MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9843d29c2d36c7c69f35929ff9ee015ab34a7f208ccd98b46602130d528e8f73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9843d29c2d36c7c69f35929ff9ee015ab34a7f208ccd98b46602130d528e8f73
SHA3-384 hash: 94a1e0a5bc404cfaf5c7c5fd152bf5c4af918b63c81fa414992951c6bd01c41573c6356e3a9bb48b32cfb51304cf4f85
SHA1 hash: f33f37d47a6cd8d13a8cc2ebdee62c7d1f7513e7
MD5 hash: 54366d8fbe6a788835ca0733c10518b2
humanhash: mobile-venus-snake-harry
File name:hesaphareketi0001.xz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:249'654 bytes
First seen:2020-07-02 07:03:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:0nYY9AdMeNuY6+jMksm4RnPaK9kYrEVkGYA:0YY9DWuY6dxmDK9kyEiA
TLSH 213422FF24E78AC5885EFC5A83A44BDF4F1D03EA67A2D6941BCE451762C19F89B43140
Reporter abuse_ch
Tags:AgentTesla xz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: garantibbva.com.tr
Sending IP: 45.147.229.205
From: ekstre@garantibbva.com.tr
Subject: Hesap hareketleriniz
Attachment: hesaphareketi0001.xz (contains "hesaphareketi0001.exe")

AgentTesla SMTP exfil server:
mail.bunsadokum.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.14949.16002.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9843d29c2d36c7c69f35929ff9ee015ab34a7f208ccd98b46602130d528e8f73/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 07:05:07 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tbb5fhbng3d4nhzvskp7t3qblkzuu7zartgzrndgaijq2uuor5zq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9843d29c2d36c7c69f35929ff9ee015ab34a7f208ccd98b46602130d528e8f73

(this sample)

AgentTesla

Executable exe d5ce7b34c08ff86a5bd09d3dbd25b03be1e9848a94d4306de1dd7503a9fa955b

  
Dropping
MD5 27839275fde048fc4d871e8b87a9c2f1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d5ce7b34c08ff86a5bd09d3dbd25b03be1e9848a94d4306de1dd7503a9fa955b

Comments